Thread: Simple Blocking Punkbuster Screenshots

since pb dont check this function you can hook the function with detours
but i released a few days ago the binary for cod4 and there detected it as "pb hack" so you could figure it out what there actually detected

anyway its quick easy to find Punkbusters screnshot function

you need just to find CreatePen call and there calls it only in 1 function

from cod4 inside pbcl.dll

decompiled

Code:

void __thiscall sub_402DA9(int this)
{
  int v1; // edi@1
  size_t v2; // ebx@2
  int v3; // eax@2
  HDC v4; // eax@5
  HPEN v5; // eax@6
  int v6; // eax@8
  int v7; // ebx@10
  size_t v8; // [sp+8h] [bp-24h]@2
  int v9; // [sp+18h] [bp-14h]@3
  int v10; // [sp+2Ch] [bp+0h]@4
  char v11; // [sp+84h] [bp+58h]@10
  char v12; // [sp+87h] [bp+5Bh]@11
  char v13; // [sp+90h] [bp+64h]@4
  HGDIOBJ ho; // [sp+9Ch] [bp+70h]@6
  HDC hdc; // [sp+A0h] [bp+74h]@5

  v1 = this;
  if ( *(_DWORD *)(this + 20) )
  {
    v2 = 124;
    memset(&v8, 0, 0x7Cu);
    v3 = *(_DWORD *)(v1 + 20);
    v8 = 124;
    if ( (*(int (__stdcall **)(int, _DWORD, size_t *, signed int, _DWORD))(*(_DWORD *)v3 + 100))(v3, 0, &v8, 1, 0) >= 0 )
    {
      if ( v9 >= 12 )
      {
        ((void (__cdecl *)(char *, int, signed int))(dword_4B376C ^ 0xD7BB75F4))(&v13, v10, 12);
        ((void (__cdecl *)(int, signed int, signed int))(dword_4B3978 ^ 0xD7BB75F4))(v10, 1, 12);
        v2 = 124;
      }
      (*(void (__stdcall **)(_DWORD, _DWORD))(**(_DWORD **)(v1 + 20) + 128))(*(_DWORD *)(v1 + 20), 0);
      v4 = GetDC(0);
      hdc = v4;
      if ( v4 )
      {
        MoveToEx(v4, 0, 0, 0);
        v5 = CreatePen(0, 1, 0xF9F9F9u);
        ho = v5;
        if ( v5 )
        {
          SelectObject(hdc, v5);
          LineTo(hdc, 2, 0);
          DeleteObject(ho);
        }
        memset(&v8, 0, v2);
        v6 = *(_DWORD *)(v1 + 20);
        v8 = v2;
        if ( (*(int (__stdcall **)(int, _DWORD, size_t *, signed int, _DWORD))(*(_DWORD *)v6 + 100))(v6, 0, &v8, 1, 0) >= 0 )
        {
          if ( v9 >= 12 )
          {
            v7 = dword_4B376C ^ 0xD7BB75F4;
            ((void (__cdecl *)(char *, int, signed int))(dword_4B376C ^ 0xD7BB75F4))(&v11, v10, 8);
            ((void (__cdecl *)(int, char *, signed int))v7)(v10, &v13, 8);
          }
          (*(void (__stdcall **)(_DWORD, _DWORD))(**(_DWORD **)(v1 + 20) + 128))(*(_DWORD *)(v1 + 20), 0);
          *(_DWORD *)(v1 + 4) = 4 * (v12 == -7) - 1;
        }
      }
    }
  }
}

and then just hook it

hire the code for it

Code:

bool Onetime = true;
bool stupid = false;

void __fastcall  PunkbusterScreenshot(  )
{
    if(Onetime)
    {
        MessageBox(GetForegroundWindow(), "Punkbuster Screenshot has been blocked","King-Orgy" , MB_OK );
        Onetime = false;
    }    
}

BOOL WINAPI DllMain (HMODULE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        
    case DLL_PROCESS_ATTACH:
        {        
            DisableThreadLibraryCalls( hinstDLL );
            main_hinstDLL = hinstDLL;
        
            if(stupid)
            {
                MessageBox(NULL, "are you a evenbalance developer?","King-Orgy" , MB_OK );
                stupid = true;
            }    
    
            HMODULE pbcl_dll; 
            FARPROC Proc_pb; 
            
            pbcl_dll = LoadLibrary("pb/pbcl.dll");
            
            if ( pbcl_dll )
            {
                Proc_pb = GetProcAddress(pbcl_dll, "ca");
                
                if(Proc_pb)
                {
                    DetourFunction((PBYTE)pbcl_dll+0x2DA9, (PBYTE)PunkbusterScreenshot  );
                }
            }
            break;    
        }
    }
    return 1;
}

How to use this whit c++?:O
Please explain that you can start from somewhere..

Originally Posted by gyuri

How to use this whit c++?:O
Please explain that you can start from somewhere..

first it is coded in c++
second learn c++,after it u will know how to use this
may orgy is not the best in explaining,but this is really easy to understand

Originally Posted by gyuri

How to use this whit c++?:O
Please explain that you can start from somewhere..

Like Phobos said, you need to learn C++ first. But you need to learn some hooking too.You can't just copy&paste a code. I know, it might be frustrating but you need to learn to hook before you start hooking anything :<

Originally Posted by uNhoL

Like Phobos said, you need to learn C++ first. But you need to learn some hooking too.You can't just copy&paste a code. I know, it might be frustrating but you need to learn to hook before you start hooking anything :<

The code above is copy/pasting, you don't even need to know anything about c++.

It is sad people ask a manual for something like that

Regards,
mOwl

Originally Posted by mOwl

The code above is copy/pasting, you don't even need to know anything about c++.

It is sad people ask a manual for something like that

Regards,
mOwl

woops didn't read the code and thought it's not copypaste lol. But yeah it's kinda sad :<

Detected now: Corrupted Packet/Memory =o